Firewall Wizards mailing list archives
Re: IPv6 and firewall policies?
From: "Paul D. Robertson" <paul () compuwar net>
Date: Sun, 31 Oct 2004 04:14:32 -0500 (EST)
On Sat, 30 Oct 2004, Darren Reed wrote:
In some email I received from Paul D. Robertson, sie wrote:Is anyone doing anything with IPv6 other than either "let it back if I talk it out," "block it completely," or "ignore it and hope it goes away?"I'm rather dismayed at firewalling and IPv6, even just within packet filters, because there seems to be little understandng (as yet) of what IPv6 does and can do, along with the security implications of that. What extension headers need to be blocked ? What ones are safe to allow ? What are the risks with each of these ? Are you asking because it is within scope, asking whether or not it should be included in the scope or something else ?
I'm just trying to figure out where things are now and what strategies should be be employed from there moving forward. We were fortunate in starting with ALGs for IPv4 firewalling, because it took away so many of the issues with fragmentation, flags and segmentation- or at least relegated them to a single stack's implementation. With IPv6, I'm afraid we're going to come at it from a packet filter first approach, and that's got me worried that we're going to go through the same cycle all over again. Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions paul () compuwar net which may have no basis whatsoever in fact." probertson () trusecure com Director of Risk Assessment TruSecure Corporation _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- IPv6 and firewall policies? Paul D. Robertson (Oct 29)
- Re: IPv6 and firewall policies? Darren Reed (Oct 30)
- Re: IPv6 and firewall policies? Paul D. Robertson (Oct 31)
- Re: IPv6 and firewall policies? Darren Reed (Oct 31)
- Re: IPv6 and firewall policies? Paul D. Robertson (Oct 31)
- Re: IPv6 and firewall policies? Darren Reed (Oct 30)